webmcp

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill instructions or templates. The content is focused on legitimate implementation and best practices for the WebMCP protocol.
  • [EXTERNAL_DOWNLOADS]: The skill mentions the 'Model Context Tool Inspector' Chrome extension and a reference demo hosted by Google Chrome Labs (googlechromelabs.github.io). These are official resources from a trusted organization and are documented here for development and testing purposes.
  • [PROMPT_INJECTION]: Evaluated the surface for indirect prompt injection. Data enters the agent context via 'navigator.modelContext' parameters (documented in 'references/imperative-api.md') and HTML form inputs (documented in 'workflows/add-declarative-tool.md'). The skill lacks explicit boundary markers for user data but promotes security best practices by recommending strict code-level validation ('references/tool-design.md') and descriptive error reporting to mitigate potential injection risks at the application level.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 08:04 PM